<!-- HTML header for doxygen 1.9.6-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=11"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>CMSIS-RTOS2: MPU Protected Zones</title>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<script type="text/javascript" src="tabs.js"></script>
<script type="text/javascript" src="footer.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&amp;dn=expat.txt MIT */
  $(document).ready(function() { init_search(); });
/* @license-end */
</script>
<script type="text/javascript" src="darkmode_toggle.js"></script>
<link href="extra_stylesheet.css" rel="stylesheet" type="text/css"/>
<link href="extra_navtree.css" rel="stylesheet" type="text/css"/>
<link href="extra_search.css" rel="stylesheet" type="text/css"/>
<link href="extra_tabs.css" rel="stylesheet" type="text/css"/>
<link href="version.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="../../version.js"></script>
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 55px;">
  <td id="projectlogo" style="padding: 1.5em;"><img alt="Logo" src="cmsis_logo_white_small.png"/></td>
  <td style="padding-left: 1em; padding-bottom: 1em;padding-top: 1em;">
   <div id="projectname">CMSIS-RTOS2
   &#160;<span id="projectnumber"><script type="text/javascript">
     <!--
     writeHeader.call(this);
     writeVersionDropdown.call(this, "CMSIS-RTOS2");
     //-->
    </script>
   </span>
   </div>
   <div id="projectbrief">Real-Time Operating System API</div>
  </td>
   <td>        <div id="MSearchBox" class="MSearchBoxInactive">
        <span class="left">
          <span id="MSearchSelect"                onmouseover="return searchBox.OnSearchSelectShow()"                onmouseout="return searchBox.OnSearchSelectHide()">&#160;</span>
          <input type="text" id="MSearchField" value="" placeholder="Search" accesskey="S"
               onfocus="searchBox.OnSearchFieldFocus(true)" 
               onblur="searchBox.OnSearchFieldFocus(false)" 
               onkeyup="searchBox.OnSearchFieldChange(event)"/>
          </span><span class="right">
            <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.svg" alt=""/></a>
          </span>
        </div>
</td>
  <!--END !PROJECT_NAME-->
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<div id="CMSISnav" class="tabs1">
  <ul class="tablist">
    <script type="text/javascript">
      writeComponentTabs.call(this);
    </script>
  </ul>
</div>
<script type="text/javascript">
  writeSubComponentTabs.call(this);
</script>
<!-- Generated by Doxygen 1.9.6 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&amp;dn=expat.txt MIT */
var searchBox = new SearchBox("searchBox", "search/",'.html');
/* @license-end */
</script>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;" 
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:d3d9a9a6595521f9666a5e94cc830dab83b65699&amp;dn=expat.txt MIT */
$(document).ready(function(){initNavTree('rtos_process_isolation_mpu.html',''); initResizable(); });
/* @license-end */
</script>
<div id="doc-content">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
     onmouseover="return searchBox.OnSearchSelectShow()"
     onmouseout="return searchBox.OnSearchSelectHide()"
     onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>

<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<div id="MSearchResults">
<div class="SRPage">
<div id="SRIndex">
<div id="SRResults"></div>
<div class="SRStatus" id="Loading">Loading...</div>
<div class="SRStatus" id="Searching">Searching...</div>
<div class="SRStatus" id="NoMatches">No Matches</div>
</div>
</div>
</div>
</div>

<div><div class="header">
  <div class="headertitle"><div class="title">MPU Protected Zones </div></div>
</div><!--header-->
<div class="contents">
<div class="textblock"><p>Memory Protection Unit (MPU) is available on many Cortex-M devices and allows to execute code with restricted access to memory regions and peripherals. Detailed information about the MPU can be found in <a href="../Core/index.html#ref_man_sec">Cortex-M Reference Manuals</a>.</p>
<p>CMSIS-RTOS2 provides a concept of <b>MPU Protected Zones</b> as a simple and flexible mechanism for using MPUs with RTOS threads. MPU Protected Zones are defined by a user as a set of memory regions and peripherals with specified access rights, and each RTOS threads gets assigned to a specific MPU Protected Zone that it is allowed to use.</p>
<p>The figure below illustrates the concept for MPU Protected Zones for isolating threads.</p>
<div class="image">
<img src="rtos_mpu.png" alt=""/>
<div class="caption">
System partitioning with MPU Protected Zones</div></div>
    <p>Sections below explain in details how to define and use MPU Protected Zones:</p>
<ul>
<li><a class="el" href="rtos_process_isolation_mpu.html#rtos_process_isolation_mpu_def">Define MPU Protected Zones</a></li>
<li><a class="el" href="rtos_process_isolation_mpu.html#rtos_process_isolation_mpu_load">Load MPU Protected Zone</a></li>
<li><a class="el" href="rtos_process_isolation_mpu.html#rtos_process_isolation_mpu_objects">RTOS Objects and MPU Protection</a></li>
<li><a class="el" href="rtos_process_isolation_mpu.html#rtos_process_isolation_mpu_fault">Handle Memory Access Faults</a></li>
</ul>
<p><b>Function references</b></p>
<p>Following functions implement and use MPU Protected Zone functionality:</p>
<ul>
<li><a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga48d68b8666d99d28fa646ee1d2182b8f">osThreadNew</a> :  Create a thread and add it to Active Threads.  </li>
<li><a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#gaefca370070d0b1616421bc3311acfecc">osThreadZone</a> :  MPU zone value in attribute bit field format.  </li>
<li><a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga4101737fa4fd303d4b41fdca6b994f8e">osThreadGetZone</a> :  Get MPU protected zone of a thread.  </li>
<li><a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga99ce311cc620c65fbac043d04dc7d755">osThreadTerminateZone</a> :  Terminate execution of threads assigned to a specified MPU protected zone.  </li>
<li><a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga79d4b26de0bfcdaf142f83e585532f93">osZoneSetup_Callback</a> :  Setup MPU protected zone (called when zone changes).  </li>
</ul>
<h1><a class="anchor" id="rtos_process_isolation_mpu_def"></a>
Define MPU Protected Zones</h1>
<p>In the architectural design phase an application is logically split into functionalities with the same integrity level (same safety requirements). They can safely operate within the same MPU Protected Zone and hence access same memory areas and peripherals.</p>
<p>MPU protected zones are defined in an MPU table where each row describes an individual MPU zone and each cell in the row specifies an MPU region within that zone. For details see section <a href="../Core/group__mpu__functions.html">MPU Functions</a> in CMSIS-Core(M) documentation.</p>
<blockquote class="doxtable">
<p>&zwj;<b>Note</b></p><ul>
<li>Interrupt handlers bypass the MPU protection. For this reason, it is required that potential impact of all interrupt handlers is strictly analyzed to exclude unintended memory accesses. </li>
</ul>
</blockquote>
<p><b>Zone Identifier</b> (Zone ID) is used to refer to a specific MPU protected zone. Zone ID value equals to the row index (starting from 0) in the MPU table that describes corresponding MPU Protected Zone.</p>
<p>An MPU Protected Zone is assigned to one or more RTOS threads. This is done by providing the Zone ID value in thread attributes <a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#structosThreadAttr__t">osThreadAttr_t</a> when creating the thread with the <a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga48d68b8666d99d28fa646ee1d2182b8f">osThreadNew</a> function.</p>
<p><b>Example:</b></p>
<div class="fragment"><div class="line"><span class="comment">/* ThreadA thread attributes */</span></div>
<div class="line"><span class="keyword">const</span> <a class="code hl_struct" href="group__CMSIS__RTOS__ThreadMgmt.html#structosThreadAttr__t" title="Attributes structure for thread.">osThreadAttr_t</a> thread_A_attr = {</div>
<div class="line">  .<a class="code hl_variable" href="group__CMSIS__RTOS__ThreadMgmt.html#ab74e6bf80237ddc4109968cedc58c151" title="name of the thread">name</a>       = <span class="stringliteral">&quot;ThreadA&quot;</span>,       <span class="comment">// human readable thread name</span></div>
<div class="line">  .attr_bits  = <a class="code hl_define" href="group__CMSIS__RTOS__ThreadMgmt.html#gaefca370070d0b1616421bc3311acfecc" title="MPU zone value in attribute bit field format.">osThreadZone</a>(3U) <span class="comment">// assign thread to MPU protected zone with Zone Id 3</span></div>
<div class="line">};</div>
<div class="line"><a class="code hl_function" href="group__CMSIS__RTOS__ThreadMgmt.html#ga48d68b8666d99d28fa646ee1d2182b8f" title="Create a thread and add it to Active Threads.">osThreadNew</a>(ThreadA, NULL, &amp;thread_A_attr);</div>
</div><!-- fragment --><p><a href="../Zone/index.html">CMSIS-Zone</a> provides a utility that allows graphic configuration of MPU protected zones and generates MPU table in the CMSIS format.</p>
<h1><a class="anchor" id="rtos_process_isolation_mpu_load"></a>
Load MPU Protected Zone</h1>
<p>When switching threads the RTOS kernel compares Zone IDs of the currently running thread and the next thread to be executed. If the Zone Ids are different then a callback function <a class="el" href="group__CMSIS__RTOS__ThreadMgmt.html#ga79d4b26de0bfcdaf142f83e585532f93">osZoneSetup_Callback</a> is called. This callback function shall be implemented in the user application code to actually switch to the new MPU Protected Zone. In the function the user should load the MPU Protected Zone according to the Zone Id provided in the argument.</p>
<p><b>Example:</b></p>
<div class="fragment"><div class="line"><span class="comment">/* Update MPU settings for newly activating Zone */</span></div>
<div class="line"><span class="keywordtype">void</span> <a class="code hl_function" href="group__CMSIS__RTOS__ThreadMgmt.html#ga79d4b26de0bfcdaf142f83e585532f93" title="Setup MPU protected zone (called when zone changes).">osZoneSetup_Callback</a> (uint32_t zone) {</div>
<div class="line"> </div>
<div class="line">  <span class="keywordflow">if</span> (zone &gt;= ZONES_NUM) {</div>
<div class="line">    <span class="comment">// Here issue an error for incorrect zone value</span></div>
<div class="line">  }</div>
<div class="line"> </div>
<div class="line">  ARM_MPU_Load(mpu_table[zone], MPU_REGIONS);</div>
<div class="line">}</div>
</div><!-- fragment --><h1><a class="anchor" id="rtos_process_isolation_mpu_objects"></a>
RTOS Objects and MPU Protection</h1>
<p>To access RTOS objects from the application RTOS APIs rely on a numeric <code>xxx_id</code> parameter associated with the object as explained in <a class="el" href="usingOS2.html#rtos_objects">Lifecycle of RTOS Objects</a>. For example as <code>evt_flags</code> in this code:</p>
<div class="fragment"><div class="line"><a class="code hl_typedef" href="group__CMSIS__RTOS__EventFlags.html#gafdbab933146d6d81d7cca7287e267a50">osEventFlagsId_t</a> evt_flags;</div>
<div class="line">evt_flags = <a class="code hl_function" href="group__CMSIS__RTOS__EventFlags.html#gab14b1caeb12ffa42cce1bfe889cd07df" title="Create and Initialize an Event Flags object.">osEventFlagsNew</a>(NULL);</div>
<div class="line"><a class="code hl_function" href="group__CMSIS__RTOS__EventFlags.html#ga33b71d14cecf90b4e72639dd19f23a5e" title="Set the specified Event Flags.">osEventFlagsSet</a>(evt_flags, 1);</div>
</div><!-- fragment --><p>The allocation of an RTOS object to the memory in a specific MPU Protected Zone does not provide access restriction. The access restriction can be bypassed if another thread calls the CMSIS-RTOS2 API with the object ID of the RTOS object as argument. The CMSIS-RTOS2 function is executed in handler mode and therefore can access and modify the RTOS object without raising a Memory Fault.</p>
<p>To enable access control for RTOS objects the <a class="el" href="rtos_process_isolation_safety_class.html">Safety Classes</a> concept is introduced in CMSIS-RTOS2.</p>
<h1><a class="anchor" id="rtos_process_isolation_mpu_fault"></a>
Handle Memory Access Faults</h1>
<p>A memory access fault is triggered when a thread tries to access memory or peripherals outside of the MPU Protected Zone loaded while the thread is running. In such case Memory Management Interrupt <a href="../Core/group__NVIC__gr.html">MemoryManagement_IRQn</a> is triggered by the processor and its handling function is executed according to the exception vector table specified in the device startup file (by default <span class="XML-Token">MemManage_Handler(void)</span> ).</p>
<p>The <em>MemManage_Handler()</em> interrupt handler is application specific and needs to be implemented by the user. In the handler it is possible to identify the thread that caused the memory access fault, the corresponding zone id and the safety class. This information can be used to define actions for entering a safe state. <a class="el" href="rtos_process_isolation_faults.html">Fault Handling</a> provides more details on the available system recovery possibilities. </p>
</div></div><!-- contents -->
</div><!-- PageDoc -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">
      <script type="text/javascript">
        <!--
        writeFooter.call(this);
        //-->
      </script> 
    </li>
  </ul>
</div>
</body>
</html>
